Goodrich, Wayne
2002-Apr-16 12:08 UTC
[Samba] Problem using winbind and pam to auth win2k Domain Users
When I try to log on as a domain user after joining the domain and verifying
the users with wbinfo -u, I get "Authentication service cannot retrieve
authentication info." I'm using DOMAIN+user and entering the correct
password. When I use a bogus password, I just get "Login failed" as
expected.
Debian Linux / Samba 2.2.3a-6
********/etc/pam.d/login**********
#
# The PAM configuration file for the Shadow `login' service
#
# NOTE: If you use a session module (such as kerberos or NIS+)
# that retains persistent credentials (like key caches, etc), you
.
.
.
# auth required pam_issue.so issue=/etc/issue
auth required pam_securetty.so
auth sufficient pam_winbind.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_unix.so use_first_pass nullok
# auth optional pam_group.so
# account requisite pam_time.so
# account required pam_access.so
# Standard Un*x account and session
account required pam_unix.so
account sufficient pam_winbind.so
session required pam_unix.so
# session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_unix.so nullok obscure min=4 max=8 md5
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
*********/etc/pam.d/samba************
auth required /lib/security/pam_winbind.so
auth required pam_unix.so nullok
account required /lib/security/pam_winbind.so
account required pam_unix.so
session required /lib/security/pam_mkhomedir.so
session required /lib/security/pam_winbind.so
session required pam_unix.so
password required /lib/security/pam_winbind.so
password required pam_unix.so
*********/etc/samba/smb.conf**********
#======================= Global Settings ======================
[global]
# Change this for the workgroup/NT-domain name your Samba server will part
of
workgroup = MCCLELLAN
# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes
# You may wish to override the location of the printcap file
; printcap name = /etc/printcap
# 'printing = cups' works nicely
; printing = bsd
; guest account = nobody
invalid users = root
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# If you want Samba to log though syslog only then set the following
# parameter to 'yes'. Please note that logging through syslog in
# Samba is still experimental.
; syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# "security = user" is always a good idea. This will require a Unix
account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = domain
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = true
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
Thanks in advance for any suggestions.
-----
Wayne